Lucene search
K

18 matches found

NVD
NVD
added 2026/01/27 9:16 p.m.11 views

CVE-2026-24736

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

9.1CVSS0.0042EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/27 8:54 p.m.5 views

EUVD-2026-4742

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

9.1CVSS6AI score0.0042EPSS
Exploits1References1
CVE
CVE
added 2026/01/27 8:54 p.m.43 views

CVE-2026-24736

Squidex (up to 7.21.0) is vulnerable to a Server-Side Request Forgery (SSRF) in the Webhook configuration. The url parameter used by Rules engine webhooks does not validate destination IPs, allowing local addresses (e.g., 127.0.0.1, localhost). When a rule triggers, the backend makes an HTTP requ...

9.1CVSS6AI score0.0042EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-5022

Name of the Vulnerable Software and Affected Versions Squidex versions up to and including 7.21.0 Description Squidex is an open source headless content management system and content management hub. Versions up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules...

9.1CVSS6AI score0.0042EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25895

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00332EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.5 views

CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

7.5CVSS6.8AI score0.00332EPSS
Exploits0References1
OSV
OSV
added 2025/08/27 3:15 p.m.4 views

UBUNTU-CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

7.5CVSS5.9AI score0.00332EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.13 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

7.5CVSS4.8AI score0.00332EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.22 views

Fedora: Security Advisory for maven-enforcer (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
NVD
NVD
added 2023/06/19 4:15 a.m.33 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

9.8CVSS9.5AI score0.01031EPSS
Exploits0References3
OSV
OSV
added 2023/06/19 12:0 a.m.29 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section...

9.8CVSS7.3AI score0.01031EPSS
Exploits0References5
Kitploit
Kitploit
added 2019/05/13 12:43 p.m.182 views

Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud

Policy as Code Bot PacBot is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy...

7.3AI score
Exploits0References14
NVD
NVD
added 2014/12/11 11:59 a.m.23 views

CVE-2014-6114

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows...

5CVSS6.7AI score0.02166EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/12/11 11:0 a.m.23 views

CVE-2014-6114

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows...

6.7AI score0.02166EPSS
Exploits0References2
Prion
Prion
added 2014/05/09 10:50 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.6AI score0.0118EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/05/09 10:50 a.m.21 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert...

6CVSS6.6AI score0.00726EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/05/09 10:0 a.m.22 views

CVE-2014-0945

Cross-site scripting XSS vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.3AI score0.0118EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/05/09 10:0 a.m.23 views

CVE-2014-0946

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...

6.2AI score0.01845EPSS
Exploits0References2
Rows per page
Query Builder